1. Select and incorporate appropriate management, technical, and operational security controls into a system security plan.
2. Integrate and evaluate management, technical, and operational controls in the context of an information security program.
3. Develop a sample System Security Plan for an information system.